From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 28 Oct 2019 16:59:34 +0000 (+0000)
Subject: people: Show last successful/failed authentication attempts
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ddfa1d3d6f3f68ba52033dfcca67ef91df9511a4;p=ipfire.org.git

people: Show last successful/failed authentication attempts

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index d36dbafb..c310cf53 100644
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -485,6 +485,58 @@ class Account(Object):
 	def _delete_string(self, key, value):
 		return self._delete_strings(key, [value,])
 
+	@lazy_property
+	def kerberos_attributes(self):
+		res = self.backend.accounts._query(
+			"(&(objectClass=krbPrincipal)(krbPrincipalName=%s@IPFIRE.ORG))" % self.uid,
+			attrlist=[
+				"krbLastSuccessfulAuth",
+				"krbLastPasswordChange",
+				"krbLastFailedAuth",
+				"krbLoginFailedCount",
+			],
+			limit=1,
+			search_base="cn=krb5,%s" % self.backend.accounts.search_base)
+
+		for dn, attrs in res:
+			return { key : attrs[key][0] for key in attrs }
+
+		return {}
+
+	@staticmethod
+	def _parse_date(s):
+		return datetime.datetime.strptime(s.decode(), "%Y%m%d%H%M%SZ")
+
+	@property
+	def last_successful_authentication(self):
+		try:
+			s = self.kerberos_attributes["krbLastSuccessfulAuth"]
+		except KeyError:
+			return None
+
+		return self._parse_date(s)
+
+	@property
+	def last_failed_authentication(self):
+		try:
+			s = self.kerberos_attributes["krbLastFailedAuth"]
+		except KeyError:
+			return None
+
+		return self._parse_date(s)
+
+	@property
+	def failed_login_count(self):
+		try:
+			count = self.kerberos_attributes["krbLoginFailedCount"].decode()
+		except KeyError:
+			return 0
+
+		try:
+			return int(count)
+		except ValueError:
+			return 0
+
 	def passwd(self, password):
 		"""
 			Sets a new password
diff --git a/src/templates/people/user.html b/src/templates/people/user.html
index c50e3fa6..5597c71d 100644
--- a/src/templates/people/user.html
+++ b/src/templates/people/user.html
@@ -81,8 +81,26 @@
 	</div>
 
 	{% if current_user.is_admin() %}
-		<p class="small text-muted">
-			{{ _("Last Modified %s") % locale.format_date(account.modified_at) }}
-		</p>
+		<ul class="list-unstyled small text-muted">
+			<li>
+				{{ _("Last Modified %s") % locale.format_date(account.modified_at) }}
+			</li>
+
+			{% if account.last_successful_authentication %}
+				<li>
+					{{ _("Last successful authentication: %s") % locale.format_date(account.last_successful_authentication) }}
+				</li>
+			{% end %}
+
+			{% if account.failed_login_count %}
+				<li class="text-warning">
+					{{ _("One unsuccessful authentication attempt.", "%(num)s unsuccessful authentication attempts.", account.failed_login_count) % { "num" : account.failed_login_count } }}
+
+					{% if account.last_failed_authentication %}
+						{{Â _("Last attempt: %s") % locale.format_date(account.last_failed_authentication) }}
+					{% end %}
+				</li>
+			{% end %}
+		</ul>
 	{% end %}
 {% end block %}
